SAP Global Software Security Notification

Published on

We are writing today to bring to your attention critical information that may directly impact the security of your
enterprise, and ask that you give this communication your immediate attention and response by taking a series
of recommended action steps outlined below.

Software security remains a critical topic of interest to all customers and to the information technology industry.
As you may know, SAP regularly publishes security-related service notes on the SAP Service Marketplace.
These notes are our formal way of notifying our customers of security matters that need attention. We have
noticed that the number of customers who access and execute these critical security-related service notes is
below our expectation.

Therefore, we would like to draw your attention directly to a selection of security-related service notes which we
consider to be especially critical for your systems:

Note 1298160 - Security note: Forbidden program execution possible
Note 1168813 - Security note: Program DISPLAY_FUNC_INCLUDE
Note 1167258 - Security note: Program RS_REPAIR_SOURCE
Note 1304803 - Security note: Changing a transport without authorization

These security-related service notes have already been published on the SAP Service Marketplace. These
notes have been designed to be implemented without downtime and, thus, to avoid disruption to your systems
and business processes. Please immediately take the following three steps:

1. Check whether these security-related service notes are relevant for your systems and if you have already
   implemented them in all systems. If not, we urge you to do this as quickly as possible to address any
   security-related impact to your organization.

2. Review other security-related service notes on the SAP Service Marketplace. These notes are crucial for
   the security of your SAP system. You can find them at http://service.sap.com/securitynotes. Access to this
   information is restricted to users with a valid SAP customer account in the SAP Service Marketplace.

3. Confirm that your internal systems management processes address security-related service notes in the
   SAP Service Marketplace with appropriate urgency on an ongoing basis. In this instance, customer
   implementation of these security-related service notes has been shown to be below expectations.

In addition to the security-related service notes, we offer the following proactive security information:

SAP maintains a wealth of information in the SAP Service Marketplace on security. We urge you to
leverage these Security Guides, which can be accessed through this link.

The SAP EarlyWatch Alert contains security checks including recommendations.

If you have specific questions about the security service offerings of SAP, please contact the SAP Support
representative in your country.

Thank you for taking the time to address these key security issues within your organization. We are looking
forward to working with you to maintain the security of your SAP system.

Sincerely,

Henning Kagermann, Co-CEO SAP AG
Leo Apotheker, Co-CEO SAP AG
